Description

Each Directory Server suffix you create is configured according to
the suffix properties documented here and in the documentation specified under the SEE ALSO section.

PROPERTY: db-name

Syntax

STRING

Default Value

suffixName

Is readable

Yes

Is modifiable

No

Is multi-valued

Yes

This property specifies the the suffix used to process requests involving the database.

PROPERTY: entry-cache-count

Syntax

INTEGER | unlimited

Default Value

unlimited

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of entries allowed in the entry cache
of the suffix.

PROPERTY: entry-cache-size

Syntax

MEMORY_SIZE

Default Value

10M

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum amount of memory Directory Server
requests for the entry cache of the suffix.

PROPERTY: entry-count

Syntax

INTEGER

Default Value

0

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property specifies the number of entries stored in the suffix.

PROPERTY: parent-suffix-dn

Syntax

DN | undefined

Default Value

DN of the parent entry

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the DN of the parent entry for the suffix. The
value of this property must logically be a parent of the suffix.

For instance, if you have a suffix with DN dc=com
and a suffix dc=example,dc=com, you can set dc=com as the parent-suffix-dn of dc=example,dc=com, and subtree searches with based DN dc=com then
also travers dc=example,dc=com.

PROPERTY: referral-mode

Syntax

disabled | enabled | only-on-write

Default Value

disabled

Is readable

Yes

Is modifiable

Yes, if the suffix is not replicated

Is multi-valued

No

This property specifies how referrals are used when a client makes a
request involving the suffix.

PROPERTY: repl-cl-max-age

This property specifies the maximum age for a record in the replication
changelog. Older records are purged.

PROPERTY: repl-cl-max-entry-count

Syntax

INTEGER

Default Value

0 (meaning undefined)

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of records in the replication
changelog. When the limit is exceeded, older records are purged.

PROPERTY: repl-id

Syntax

INTEGER

Default Value

None

Is readable

Yes

Is modifiable

Yes, using the subcommands to manage replication

Is multi-valued

No

This property specifies the replica identification number, 1-65534 for
a supplier, 65535 for a consumer or a hub. Once set, this property cannot be modified.

PROPERTY: repl-manager-bind-dn

Syntax

DN | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the bind DNs of users allowed to bind to perform
replication operations on the suffix.

PROPERTY: repl-purge-delay

Syntax

DURATION | never

Default Value

7d

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum age of tombstone entries used by replication. Tombstone
entries are entries marked for deletion that have not yet been removed, and
also replication state information associated with the entries. When setting
this attribute, ensure that the purge delay is longer than the longest replication
cycle in your replication policy to avoid incurring conflict resolution problems
and divergence between replicas.

PROPERTY: repl-rewrite-referrals-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether referrals you set can be automatically
overwritten by the server to reference replicas.

PROPERTY: repl-role

Syntax

not-replicated | master | hub | consumer

Default Value

not-replicated

Is readable

Yes

Is modifiable

Yes, using the subcommands to manage replication

Is multi-valued

No

This property specifies the role played by the suffix in a replicated
topology.

not-replicated

The suffix is not part of a replicated toplogy.

master

This suffix
is a supplier of replication updates in a replicated topology. It can accept
both read and write operations.

hub

This suffix
is a supplier of replication updates in a replicated topology. It can accept
read operations and replication updates.

consumer

This
suffix is a dedicated consumer of replication updates in a replicated topology.
It can accept read operations and replication updates, but not writes from
clients.

To promote a replica, use the dsconf promote-repl command. To demote a replica, use the dsconf demote-repl command.

A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and miliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

EMAIL_ADDRESS

A valid e-mail address.

HOST_NAME

An IP address or host name.

INTEGER

A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

INTERVAL

An interval value of the form hhmm-hhmm0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

IP_RANGE

An IP address or range of address in one of the following formats:

IP address in dotted decimal form.

IP address and bits, in the form of network number/mask bits.

IP address and quad, in the form of a pair of dotted decimal quads.

All address. A catch-all for clients that are note placed into other, higher priority groups.

0.0.0.0. This address is for groups to which initial membership is not considered. For example, for groups that clients switch to after their initial bind.

A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

PASSWORD_FILE

The full path to the file from which the bind password should be read.